Commercial Narrator

The Jack Welch Management Institute at Strayer University helps you go from I know the way to I've arrived with our top 10 ranked online MBA. Gain skills you can learn today and apply tomorrow. Get ready to go from make it happen to made it happen and keep striving. Visit strayer.edu Jack Welchmba to learn more. Strayer University is certified to operate in Virginia by Chev and its many campuses, including at 2121 15th Street north in Arlington, Virginia.

Greg Kilstrom

Hey sweetie, your mother showed me this Carvana thing for selling the car. I'm gonna give it a try. Wish me luck. Me again. I put in the license plate. It gave me an offer. Unbelievable. Okay, I accepted the offer. They're picking it up Tuesday from the driveway. I haven't even left my chair. It's done. The car is gone. I'm holding a check anyway. Carvana Give it a whirl. Love ya.

Heder Iqbal

So good you'll want to leave a voicemail about it.

Commercial Narrator

Sell your car today on Carvana. Pickup fees may apply.

Greg Kilstrom

Foreign. Welcome to Season seven of the Agile Brand where we discuss the trends and topics marketing leaders need to know. Stay curious, stay agile and join the top enterprise brands and Martech platforms as we explore marketing, technology, AI, e commerce, and whatever's next for the Omnichannel customer experience. Together we'll discover what it takes to create an agile brand built for today and tomorrow and built for customers, employees and continued business growth. I'm your host Greg Kilstrom, advising Fortune 1000 brands on martech, AI and marketing operations. The Agile Brand podcast is brought to you by Tech Systems, an industry leader in full stack technology services, talent services and real world application. For more information, go to teksystems.com to make sure you always get the latest episodes, please hit subscribe on the app you listen to podcasts on and leave us a rating so others can find us as well. And now onto the show. What if the biggest threat to your brand's agility and security isn't a competitor, but the welcome mat you lay out for your own partners? Agility requires not just the ability to move quickly, but the confidence to do it securely. It's about building a foundation of trust that enables seamless collaboration without introducing unnecessary risk. Today we're going to talk about a critical, yet often overlooked aspect of brand agility, the digital experience we provide to our third party partners. From marketing agencies to technology vendors. These relationships are essential, but the very processes meant to enable them, like onboarding and system access, can often be the source of massive friction Security risks and a fundamental breakdown of trust. To help me discuss this topic, I'd like to welcome Heder Iqbal, Director, Identity and Access Management at Thales. Heder, welcome to the show.

Heder Iqbal

Thanks Greg, Great to be here.

Greg Kilstrom

Yeah, looking forward to talking about this with you. Before we dive in though, why don't you give a little background on yourself and your role at Thales?

Heder Iqbal

Yeah, so Thales obviously is a much bigger company as a group, you know, building satellites and whatnot. But I actually work in their cybersecurity products business and specifically I actually had their product marketing for their identity and access management business that helps companies basically if you're an employee, to log into different applications, if you're a consumer, to log into your banking applications, your retail applications online as well, so on and so forth. So I actually look after their global product marketing for that particular product line.

Greg Kilstrom

Great, great. So, yeah, let's, let's dive in here and talk about, we're going to talk about a few things, but I want to start with the imperative of digital trust. And so Telus put together a digital trust index and that highlights that nearly one in three third party users must wait days for access to critical systems. I think I've been one of those people waiting on the waiting end in situations like that. So I definitely can empathize. From a brand's perspective, what are the hidden costs of that initial friction beyond just lost time? You know, how does it impact the perception of a brand before a project even begins?

Heder Iqbal

Yeah, great question. I think the way that we, the way that we operate today, you know, we are generally not just speaking about our own organization working with a consumer or a customer, you often work as an extended enterprise, right? So your business partners, whether those might be your distributors, your agents, sometimes even your suppliers as well, they become a really crucial part of the overall experience that you deliver to your consumers or customers. I think it was probably Gartner that coined this term called total experience. I really like the term because the way that they look at it is saying, hey, you know what, if you want to deliver good user experiences for your customers, you need to think about the user experience, not just of your own employees as well, but also anyone, any other stakeholder that might be involved as part of that whole process as well. So I think as part of the overall experience that we want to deliver to our end consumers, your partners and your suppliers become extremely important. So speaking about your brand as a whole, you, you know, your partners and your suppliers, they actually become an extension of your brand that way. As well.

Greg Kilstrom

Yeah.

Heder Iqbal

So imagine if, you know, you have a disgruntled end consumer who can't gain access to, let's say, their business application, or perhaps they want to order something online and they can't order online just because they can't have access to their applications. I think the same logic applies to your partners as well that way. So in order to establish that trust with your partners, you know, you need to make sure that the access that you're providing to them is actually seamless to begin with.

Greg Kilstrom

Yeah, yeah. And the report also shows that only 56% of users are fully confident that a host organizations would disclose a breach promptly. So 56%, not as much as you might hope. Right. In an ecosystem where, you know, there's interconnected Martech platforms and agencies and, you know, all of these pieces, how should a marketing leader think about the concept of shared risk as well as shared responsibility when it comes to third party data access?

Heder Iqbal

Yeah, I think when you look at the different sort of regulations that are popping up. Right. So obviously when we look at Europe, GDPR is kind of like the gold standard of all privacy regulation. But even here in the US for instance, you know, it's a bit fragmented that way, but you have, I think, a bit north of what, 30 different data privacy regulations over here in the US as well. And with that fragmentation, I mean, when you look at this statistic and the confidence that actually your partners have in, in the case of a breach, I think it is quite alarming that way as well. Because again, going back to the notion of trust, if your partners cannot trust you with their data. Right. Or perhaps you cannot trust your partner to actually trust them with your customer's data, for instance, that creates a barrier for actually delivering, I would say, a smooth user experience for your end consumers that way as well. So I think when it comes to shared responsibility, that doesn't necessarily mean shared cyber security as well. Right. So, you know, each one of the entities, they are responsible for ensuring that they have the right checks and balances in place. But something that, you know, a term that I often use as part of the overall digital experience that you're building for end consumer, what we like to call it is privacy by design. So I think if there's one message that I'd want to pass to, let's say a Chief Commercial Officer or Chief Digital Officer, is as you're thinking about building those user experiences not just for your end consumers and customers, but also for your partners and suppliers, you need to think about privacy by design. Because that is absolutely essential to the overall user experience as well. You know, having that confidence, I mean, you and I as individuals as well, can vouch for that as well. Right. I mean, I need to have the ability to know that my data is being kept in a safe and secure manner and it's going to be used just in the correct way that I anticipate it to be used as well.

Greg Kilstrom

Yeah, yeah.

Heder Iqbal

And obviously, as I said, extended enterprise, if our marketing stacks are connected, you know, that problem becomes even more amplified. So again, think about privacy by design whenever you're designing those user experiences, because you know that's going to help save you a lot of trouble in the future as well.

Greg Kilstrom

Yeah. And there's a lot of aspects of the user experience to look at, but I know one large one that your data points to is just inconsistent processes, frequent password resets, you know, 96% of users in the, in the index face login issues. Again, I totally feel, feel their pain. I. It's kind of the bane of many, many's existence, I think. What's a practical first step that a large organization can take to, to solve for that, you know, standardizing identity, access, experience, all of these things. Because, I mean, I think the other part of this is a lot of these partners, this isn't the only, you know, this isn't their only partner. Right. So they're facing this not only with one partner, but, you know, how many, like five, 10 other partners in some cases. So, you know, what, what can a large organization do to, you know, improve that experience?

Heder Iqbal

Yeah, I think when you speak about passwordless, you know, they bring not just friction for the users who are using them in the background as well. If you imagine in terms of, you know, the cost that the IT organizations need to bear for resetting passwords, when users actually forget their passwords as well. I think the magnitude of this problem when it comes to speaking about partners is perhaps best explained by, you know, another survey that we did. I think perhaps a year ago, it was pretty telling for me as well that almost, I think maybe half of all users who are trying to gain access to your corporate assets or data, they're actually external users. Right. So usually we are always thinking about the user experience of our employees, for example, or the end consumers. But then, you know, close to 50% of those users are actually signing in from, let's say, your partners, your suppliers, so on and so forth. So when you put that into perspective, you know, it gives you the magnitude of the problem as well. Now, if you Multiply the password resets. For such a big user constituency, you know, you come to realize that the problem is indeed quite great that way as well. Now, what can organizations do? I mean, you might have heard the term passwordless. So that is doing around these days. The great thing is, I think we as end consumers as well, regardless of having a lot of technical knowledge, actually understand the concept really well of not being able to use passwords. So, you know, you just go and use your biometric information or facial recognition, for instance, to log into different applications as well. Something that perhaps the marketing fraternity might not be as familiar with, but there's something called the Fido alliance, and they're basically on a mission to get rid of passwords. So Thales has been on the board of Fido alliance for many years now. One of the things that we recommend to large organizations is when they're thinking about going passwordless to get rid of all the problems that we just described, they end up thinking in a very myopic sense to just focus on either their employees or their consumers. And they tend to outright overlook that large user constituency that I just described in the middle, that is gaining access to your corporate resources as well. So if you're building a good user experience of getting rid of passwords for your workforce and for your consumers, why not do it for your partners and suppliers as well? So take a holistic approach to looking at getting rid of passwords. It shouldn't just be for your employees and it shouldn't just be for your consumers. There are technologies out there, like I mentioned, when you look up Fido alliance, they introduce something called passkeys, which are great to actually get rid of passwords inside your organization. And also for your third parties that might be interacting with your systems as well.

Greg Kilstrom

Yeah, yeah, well. And one of the reasons, I mean, several passkeys, I think are amazing. I use them whenever they are available. I wish they were available more. You know, one of the reasons for this, you know, the study also, so you know, you mentioned 50% of, of the, or roughly 50% of the people logging in are not necessarily internal to the organization. So you've got, you know, roughly half of your audience, sometimes external partners. And then your study also shows that over half of users retain access long after it's needed. So, you know, another security gap. So, you know, you've got half of this audience that are not even employ. And you know, you're not directly governing their, their access or their, their security and things like that. So, you know, it seems like a Simple enough problem maybe to solve on, on the surface, but it, it still persists. So, you know, is this purely, you know, can this purely be solved by technology? Is it a process problem, a people problem? You know, how do you kind of untangle all of that?

Heder Iqbal

Yeah, as is the case with many other things, I think it's a, it's a mixture of both, both process and technology. But the good thing is now you do have technology that actually helps you in ensuring that these kind of things don't happen. Right. So first of all, I think, I mean, imagine a partner, a disgruntled partner at that, who might have been working with you for the longest time and you suddenly sort of terminated your relationship with them and they go rogue and you know, they're able to download more data from your website even after their relationship with you has terminated. Now in the older days, perhaps, you know, this was not a significant problem. But when you look at how interconnected organizations are these days, the amount of, you know, the threat that this, you know, unfederated access can actually present, it's quite significant that way. And that's why you hear about these third party breaches going on as well. So something called, you know, the supply chain risks, for example, or the third party risks, you'll come to realize that over the course of the past three or four years, you know, they've increased significantly as well. One of the things that we recommend to organizations is if you're working with a partner organization, right? So imagine if I'm working with a supplier. Usually this organization that you're working with has better intimacy about who is still in their organization, who has left the organization. So why don't you as the host organization, delegate the access management capabilities to your partner organization. So imagine if you, Greg, are my supplier, right? You know how many people in your organizations are interacting with me as a brand? What we say is delegate that administration over to Greg. And Greg doesn't have to be a technical person as well, right? So give them user friendly tools that allow you to say, hey, you know what, Tom or John or in, they're still working in my organization, but Jane just left the organization. So hey, I can revoke the access because Heather doesn't know that Jane has left. So I think that's one way of putting the onus on your partners themselves because they have much more better intimacy in terms of who actually should be having access or if somebody has left the organization, how to actually report their access as well.

Greg Kilstrom

And so how does an organization measure, you know, roi on something like this. I mean, obviously, you know, if there's, if there's a data breach, that's a very, you can probably, you know, run some numbers around something like that. But, you know, as, as in a lot of cases, this is preventative and, and, and things. But there, it seems like there's still some ways there's reducing friction and, and things. You know, your report shows that users waste about 48 minutes a month logging in and accessing and stuff like that. I mean, I, I feel like that's longer for me, but maybe, maybe that's, I'm just, I'm just challenged in that way. But, you know, how do you recommend brands measure the impact of that kind of that reclaim time, you know, and correlate it to building what, what your reports calls digital trust?

Heder Iqbal

Yeah, I mean, I think a lot of it, when we look at it in terms of end consumers ourselves, I think drawing that analogy becomes so much easier. I think a good login experience, a frictionless login experience is, become kind of like a norm in the consumer world. Organizations that are still creating friction in terms of using passwords or perhaps even forcing users to go and change their passwords every now and then actually show the inherent nature of the problem of passwords to begin with. If you want to build a better reputation with your partners and customers, you know, you want to ensure that they're doing activities with you, which they're meant to be doing, and not wasting time trying to gain access to data, trying to gain access to systems. Right. The best thing about technology has to be that it is so invisible that you don't even actually feel it working for you in the background. So I think one of the ways, as you've correctly pointed out, right, 48 minutes per month for me, especially for somebody who perhaps might be actually spending a lot more time on internal systems, 48 minutes for gaining or losing time on external systems. I think it's a very significant number. I think it's extremely important that organizations try to sort of quantify that in terms of lost productivity for this extended enterprise that way as well. If I give you a very small example, Thales as a company, if I remember correctly, I think we used to have, this was just a few years ago, something like 12,000 different suppliers, not users. 12,000 suppliers, yeah. Now you multiply that with, I don't know, 10 users per supplier or which is, by the way, a really small number.

Greg Kilstrom

Right.

Heder Iqbal

That gives you the magnitude of the number of users who are potentially sort of gaining access to your Systems and again, certain other industries, like when you look at insurance for instance, you have a network of brokers and agents that you're working with that have a really complex relationship with you as well. Again, you need to automate the process in a way which you don't really don't have these kind of frictions because again, these are not one to one relationships that you can manage on your own. You know, the more you're able to automate a lot of these access management processes, they actually help you in building trust with that really complex network that you've built for yourself as an organization.

Greg Kilstrom

Yeah. And so you know how I know you mentioned some things like passkeys and just passwordless in general. You know, how close are we to that being a reality? I mean again, I see it as a, you know, either as a consumer or as a, as a user of some platforms. But it's, you know, it's feeling inconsistent right now. You know, what's, what does that look like over the, you know, months and years ahead?

Heder Iqbal

I mean, months and years ahead. So I like the word that you put years in it as well because maybe I can give you some concrete examples. Right. So there's, there's a manufacturing concern that we are working with. Obviously, you know, they have people wearing hard hats in that setup as well sometimes. And we are actually discussing with them technologies which make authenticating to a lot of the digital assets because obviously a lot of those factory floors are getting digitalized as well. So we're actually working with them to see something called brain computer interface, which is basically a technology where you don't need to use any password. You know, you can actually communicate using brainwaves and that actually leverages technology that helps you in implementing password lists for the future, especially in the context of some of these B2B users. So for example, those contractors that you might have working on the floor as well, you know, they actually make those kind of use cases a lot simpler as well. But then maybe perhaps not looking at that far ahead in time, sticking to passkeys. I think when you look at passkeys, I think they have been phenomenal in terms of the mission of getting rid of passwords for organizations as well. I think even in this day and age as well, we have the technology stack that can actually enable your partners, your suppliers to actually log into different applications without using their passwords as well. And again, there are different mechanisms. So for example, you might not be comfortable using your smartphone as a supplier. You don't want to use your Personal device, that's fine. There's an alternative mechanism like smart cards or USB tokens, for instance, potential that you could provide to your suppliers and partners as well if you want to ensure that they can actually log into different applications in a secure fashion as well. So again, I think technology is no longer the barrier, so that's really not the excuse here anymore.

Greg Kilstrom

Yeah, well, yeah. And you know, speaking of technology, you know, we haven't spent a lot of time talking about AI today, but let's go there, I guess, as we kind of wrap things up here. Last topic. You know, obviously, you know, AI is, it feels like it's already everywhere, but it's increasing in its usage. It also is introducing some interesting access requirements issue. You know, when, when we start talking about agent to agent communication, you know, agents on behalf of consumers or, you know, it's early days, but it's, it's becoming, you know, it's becoming more and more used. I assume that's going to happen more and more in the B2B space as well. So, you know, what, what kind of challenges and you know, you know, how does this kind of change or maybe add to the complexity of what we're talking about here?

Heder Iqbal

Oh, significantly. I mean, you know, I spoke about the complex maze that you have in the B2B ecosystem in terms of being able to manage so many different type of users that we don't even know of. It gets multiplied, I don't know, tenfold, 100 fold. I don't know. I mean, sky is the limit in terms of the machine identities or the agentic identities that you would have to manage in the world of tomorrow. Right. And that's why the whole identity and access management layer becomes so much more important. Right? Because if you don't have an inventory of all the agentic AI identities in your infrastructure, what you can't see, you can't protect, right. Or protect from that way as well. So again, I think, you know, the whole problem of managing identities in the AI world or the agent AI world, it becomes a lot more complex to solve as well. So you need to have a lot more granular way of working with them as well. I spoke about this capability of delegating the access management part to your partner and all that stuff. Now think about delegating all of those access over to multiple agents as well. So I think the, you know, the whole notion, I mean, there's huge potential for us as cybersecurity companies in this space. But yeah, it is a challenge that, you know, the commercial Teams do need to look at because the future is already here. I mean, we know, you know, you have those agent to agent interactions which are happening today. So again, having visibility on the ecosystem of agents that you have in your ecosystem and your extended ecosystem and then being able to grant granular access rights to them as well becomes absolutely crucial in the future as well.

Greg Kilstrom

Yeah, yeah. So as, as we wrap up here, a couple, couple last questions from you. For you. If we were having this interview a year from now, what's one thing that we would definitely be talking about?

Heder Iqbal

Oh, I think we just spoke about it just now, only even more amplified. Right. So agentic AI, it is just mind blowing, you know, how much it's affecting not just the consumer world, but this B2B interaction world as well. I mean, imagine agents negotiating contracts on your behalf, right? So you need to work with the supplier, you need to work with a partner. Think about, you know, industries like logistics or even in supply chain, for instance, you know, when you need to work with so many different parties and agents working on your behalf autonomously, it is both mind blowing in terms of the potential it has, but also from a security point of view, a nightmare, let's say, for the Chief Digital officers or the CIOs. So again, I think while there's so much potential over there as well, I think we need to be cognizant of the risks that these kind of things actually bring to the table as well.

Greg Kilstrom

Yeah. Well, Heder, thanks so much for sharing all your ideas and insights. Last question for you. What do you do to stay agile in your role and how do you find a way to do it consistently?

Heder Iqbal

Oh, I mean, agile is like, I wish I could say my middle name, but I mean, when we look at our role within product marketing, for instance, you know, we need to be extremely nimble in, in what we do because we have, we're working in the tech industry. Right. And speaking of AI, for instance, you know, literally from one day to the other, things are evolving. Things are evolving in the sense in terms of the markets that we address, but in terms of the way that we work as well. So I think agility for me, especially in the tech world is being very open in terms of being able to try and fail fast. Essentially having that mindset is absolutely crucial in the world as well. So that's, I think one of the core things when I think about agility within my own team to actually address the future.

Greg Kilstrom

Love it. Well, again, I'd like to thank Heder Iqbal, Director Identity and Access Management at Talos for joining the show. You can learn more about Heder and Thales by following the links in the show Notes thanks again for listening to the Agile Brand brought to you by Tech Systems. If you enjoyed the show, please take a minute to subscribe and leave us a rating so that others can find the show as well. You can access more more episodes of the show@theagile brand.com that's theagile brand.com and contact me if you're interested in consulting or advisory services or are looking for a speaker for your next event, go to www.gregkilstrom.com that's G R E G K I H L S t r o m.com the Agile brand is produced by Missing Link, a Latina owned, strategy driven, creatively fueled production co op. From ideation to creation, they craft human connections through intelligent, engaging and informative content. Until next time, stay curious and stay agile.

Commercial Narrator

The agile brand.

Greg Kilstrom

Tired of overpaying with DirecTV? Dish offers a reliable low price every month without surprises. Get the TV you love and start watching live sports news and the latest movies, plus your favorite streaming apps all in one place. Switch to Dish today and lock in the lowest price in satellite TV starting at $89.99 a month with our two year price guarantee. Call 888 add dish or visit dish.com

Commercial Narrator

the Jack Welch Management Institute at Strayer University helps you go from I know the way to I've arrived with our top 10 ranked online MBA. Gain skills you can learn today and apply tomorrow. Get ready to go from make it happen to Made it happen and keep striving. Visit strayer.edu Jack Welchmba to learn more. Strayer University is certified to operate in Virginia by Chev and its many campuses, including at 2121 15th Street north in Arlington, Virginia.